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ABSTRACT and CONTENTS 

This document proposes a method for controlling special 
capabilities such as "system diagnostic ", etc. When 
approved it will be part of the Ml file and sub-process 
systems . 
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Control of Capabilities 

Some method must be available for a sub -process to acquire 
extraordinary capabilities when they are needed. Through 
the addition of three operations in the basic file system, 
we gain the ability to both access and control capabili- 
ties. Both operations involve the use of a new item in the 
MIB header, the user capability word (UCW) . 

A sub-process acquires extra capabilities by: 

1) setting TAK to the appropriate user number, and 

2) executing MERGE' SCB (UNDK, SPTX ) . 

This operation merges the UCW of the MIB specified by 
UNDK into the status control bits (SCB) of sub-process 
SPTX. The operation fails unless TAK appears on the owner- 
access lock list with ownership access to the MIB. It 
also fails if SPTX is not controlled by the calling sub- 
process. If desirable the sub-process can then use SET' 
SPT' FIELD to reduce the capabilities acquired. 

The other two operations are for reading and setting the UCW. 
READ 'UCW (UNDK) returns the UCW of the specified MIB. It 
requires read access to the MIB. SET ' UCW ( UNDK 1,UNDK2, ON, OFF) 
copies part of the UCW of UNKDl to UNDK2 . It requires 
ownership access to both MIBs. The bits selected by ON are 
set; those selected by OFF are reset. The operation fails 
if the bits selected by ON are not part of the UCW of UNDK1 . 
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Thus capabilities are normally assigned to users. They may 
be acquired by the user's sub-processes or by sub-processes 
which own the user's MIB . Further capabilities may be 
granted or withdrawn by a sub-process which controls the 
capability and owns the source and target MIBs. All that is 
needed is the prime source of capabilities. This will be 
the system owner's MIB. The UCW of this MIB will contain 
all capabilities. The few, totally privileged, programs 
running from this MIB can then dispense capabilities 
according to policy decisions beyond the scope of this 
document. 



